You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Register a free account to unlock additional features at BleepingComputer.com

Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

I have cleared off a fake Windows-7 Restore error, which turned out to look exactly the same as the Windows Diagnostic Fake analysis program, from a Dell Inspiron 1545 laptop running Win7 Home Premium (64Bit). It has MCAfee Total Protection installed. I connected the harddrive via an external usb docking chassis and scanned it with F-secure and MBAM. The following were remove or quarantined :gen:variant.KAZY.$$$ (many of these)
trojan.generic.KDV.247366
win32.bagle.gl.mm
exploit.cve2010.0840
KPrmtXIWDpgPMUD.exe
After finding the Windows Diagnostic Unistall Guide, I managed to unhide all the documents, but still have empty program files folders and there are infinate application data directories embedded within each other. Clearly I have managed to do only half a job! Any help would be appreciated.

* Double-click mbam-setup.exe and follow the prompts to install the program. * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish. * If an update is found, it will download and install the latest version. * Once the program has loaded, select Perform quick scan, then click Scan. * When the scan is complete, click OK, then Show Results to view the results. * Be sure that everything is checked, and click Remove Selected. * When completed, a log will open in Notepad. * Post the log back here.

Be sure to restart the computer.

The log can also be found here:C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txtOr at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

Wow, that was a marathon effort, but mostly all restored. One last problem is that some shortcuts and folders have a lock on them. These include Word, Excel, Outlook, Documents and setting and all the documents in My Documents. These locks just seem to pop on at any time, although I can still use the appications.

The ones that I have just restored in all programs are fine for now, but haven't been using those short cuts. The application short cuts on the desktop have the lock and in windows explore all the documents have locks. The applications in c:\program files do not have the lock on them. I can delete the short cuts on the desktop and recreate them, but not for all the documents.

Does this give you any idea? Should I post a screen shot? The locks on all the documents are only on those created before the malware. Those created afterwards seem fine! Unfortunatley I need to give this computer back to its rightful owner soon, so may just have to live with what I have done so far, or totally reinstall.

SystemLook 04.09.10 by jpshortstuff
Log created at 10:46 on 24/06/2011 by buddier
Administrator - Elevation successful